[17684] in bugtraq
Re: vixie cron...
daemon@ATHENA.MIT.EDU (Dmitry Alyabyev)
Fri Nov 17 12:36:29 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID:  <30243104766.20001117113004@al.org.ua>
Date:         Fri, 17 Nov 2000 11:30:04 +0200
Reply-To: Dmitry Alyabyev <dimitry@al.org.ua>
From: Dmitry Alyabyev <dimitry@al.org.ua>
X-To:         Michal Zalewski <lcamtuf@TPI.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.21.0011170517470.13016-200000@nimue.tpi.pl>
Hi
Friday, November 17, 2000, 6:41:32 AM, Michal wrote:
> Attached shell-script exploits fopen() + preserved umask vulnerability in
> Paul Vixie's cron code. It will work on systems where /var/spool/cron is
> user-readable (e.g. 0755) - AFAIR Debian does so. RedHat (at least 6.1 and
> previous) has mode 0700 on /var/spool/cron, and thus it isn't exploitable
> in its default configuration... (ahmm, but this does NOT mean it is a
> problem of o+rx bits, but of insecure umask() and fopen() calls).
> I have no information about other distributions or systems - this exploit
> should automagically detect if you are vulnerable or not (checking
> /var/spool/cron, looking for Paul Vixie's crontab, etc). Please report
> your findings to me and/or to BUGTRAQ.
Slackware 7.0 is not exploitable (not Vixie's cron)
Mandrake 7.0 is not exploitable (because of the permissions on /var/spool/cron)
--
Dimitry
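The file-creation pattern Michal's report describes (fopen() relying on whatever umask the daemon inherited) next to a hardened pattern that fixes the mode itself, as an added example that is not code from the thread or from Vixie cron; the /tmp paths and umask values are constructed for the demonstration:

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read back the permission bits of path (0777 part only), then remove it. */
static int mode_bits_and_unlink(const char *path) {
    struct stat st;
    int bits = (stat(path, &st) == 0) ? (int)(st.st_mode & 0777) : -1;
    unlink(path);
    return bits;
}

/* The pattern from the report: fopen(path, "w") requests 0666 and leaves
 * it to the umask the process inherited to narrow the bits. A permissive
 * inherited umask therefore yields a group/world-readable file.
 * Returns the resulting mode bits, or -1 on error. */
int create_with_fopen(const char *path, mode_t inherited_umask) {
    mode_t saved = umask(inherited_umask);   /* simulate the inherited umask */
    FILE *f = fopen(path, "w");
    umask(saved);
    if (f == NULL) return -1;
    fclose(f);
    return mode_bits_and_unlink(path);
}

/* Hardened pattern: do not trust the inherited umask. Set a strict umask,
 * create the file exclusively with an explicit 0600 mode, and fchmod() the
 * open descriptor so the final bits do not depend on the environment. */
int create_private(const char *path, mode_t inherited_umask) {
    mode_t saved = umask(inherited_umask);   /* simulate the inherited umask */
    umask(077);                              /* strict umask before creating */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    umask(saved);
    if (fd < 0) return -1;
    fchmod(fd, 0600);                        /* pin the mode on the open fd */
    close(fd);
    return mode_bits_and_unlink(path);
}

int main(void) {
    printf("fopen,   umask 022 -> %04o\n", create_with_fopen("/tmp/umask_demo", 022));
    printf("fopen,   umask 000 -> %04o\n", create_with_fopen("/tmp/umask_demo", 000));
    printf("private, umask 000 -> %04o\n", create_private("/tmp/umask_demo", 000));
    return 0;
}
```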